[pve-devel] applied: [PATCH manager] fix CSRF token generation

Fabian Gr├╝nbichler f.gruenbichler at proxmox.com
Fri Jan 13 10:59:29 CET 2017


this broke with the recent refactoring

Signed-off-by: Fabian Gr├╝nbichler <f.gruenbichler at proxmox.com>
---
 PVE/Service/pveproxy.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
index 5ecc54b..6a6be84 100755
--- a/PVE/Service/pveproxy.pm
+++ b/PVE/Service/pveproxy.pm
@@ -181,7 +181,7 @@ sub get_index {
 		$lang = $newlang;
 	    }
 	}
-	my $ticket = $server->extract_auth_cookie($cookie);
+	my $ticket = PVE::HTTPServer::extract_auth_cookie($cookie, $server->{cookie_name});
 	if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
 	    $token = PVE::AccessControl::assemble_csrf_prevention_token($username);
 	}
-- 
2.1.4




More information about the pve-devel mailing list